A good read. . . . The Ultimately Secure DEEP PACKET INSPECTION AND APPLICATION SECURITY SYSTEM Featuring signature-less anomaly detection and blocking technology with application awareness and layer-7 state tracking!!! If I had a dollar.... If I had a dollar for every time I've seen someone post "I need a 100% secure firewall, that lets me do everything" I'd be retired by now. The fact is, that if you're connecting your network to anything else, you're running a risk. Period. Usually, that risk can be reduced, often dramatically, by employing basic security precautions such as firewalls. But a firewall is a risk reduction system, it is not a risk mitigation system -- there is, always, some danger that something can go fatally wrong with anything built by humans. http://www.ranum.com/security/computer_security/index.html . . . StevieO
Well actually every in and out onto the 'net or network from a computer should be monitored or okayed by the user on an individual basis per incidence providing the outgoing request and the connection attempt info.The same for inbound. But that'll never go over totally well I am sure. I mean we have 'walls that do it now pretty much BUT it must be setup that way(Kerio one eg) you can get it to pretty much detail about everything. BUT of course the age old tradeoff. Lots of people here are knowledgeable and know how to setup things. Some gliches already with these all in one "security suites" or the individual computers and OS they are set about on(every "load and" its condition is 'prolly differng ) look at windows with gen. host processes,explorer etc. etc. many aren't sure what they are, lots necessary maybe but hey many people just give it okay anyway. Boom onto next item. People only want to get where they want to in as short a time as possible with as little effort.